By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

experts warned Tuesday that more needs to be done to increase awareness about cybersecurity issues and better educate future IT pros.

There will be local events and I worry about those having an effect on a particular region. Howard Schmidt,president and CEOH&L Security Consulting

"We need to provide resources for future problems," said Eugene Spafford, the executive director of Purdue University's Center for Education and Research in Information Assurance and Security (CERIAS). "Patching the latest problem isn't getting us anywhere."

Spafford joined well known security experts Howard Schmidt, president and CEO of H&L Security Consulting and security luminary Bruce Schneier at the Information Security Decisions conference in Chicago for a discussion about cyber threats in 2008 and beyond. The panelists agreed that it would likely take a major cybersecurity event before the public becomes motivated enough to demand better security.

The panelists agreed that growing backdoor Trojan horse programs and herds of bots continue to be a problem moving forward, but it's unclear if they'll by used by cybercriminals to take down the electronic infrastructure of entire nations or in isolated targeted incidents for financial gain.

"We've had plans in place for a long time to minimize the impact [of an attack]," said Schmidt, who once served as a White House cybersecurity adviser. "There will be local events and I worry about those having an effect on a particular region."

Businesses have been preparing for an attack and systems would be initially disrupted, but they could be brought back online in time to minimize the impact, Schmidt said.

While businesses have been mainly addressing the threats from external sources, internal threats are becoming a growing problem. The panelists agreed that the drive for money among cybercriminals is still the basis of nearly all attacks, making data-level protection technologies a top priority.

Secure software development:

Tech vendors team up for secure software development: A group of technology heavy hitters, including Microsoft Corp. and Symantec Corp., joined forces on Tuesday to launch an organization devoted to finding ways to improve the quality and reliability of software.

"As we've noted there's a greater temptation for insiders … We've seen individuals more willing to take risks when they run into money issues," Spafford said. "Typical enterprises no longer have a typical perimeter … We have to move the defenses closer to the valuable data."

Web applications continue to be targeted and Voice over Internet Protocol (VOIP) attacks in which attackers can intercept and sell company meeting minutes, inject misleading spam messages or create massive outages could also pose a problem for enterprises, the experts said. Phishing attacks are also becoming more targeted and sophisticated tricking end users into giving up sensitive information.

"Education should be driven by the market; it's the responsibility of the commercial vendor community," Spafford said.

The panelists stopped short of calling for government regulations to push vendors into making more secure products. Spafford said there likely isn't enough public outrage to force the Federal government to enact legislation. Also, the need to increase profit margins has done enough to push vendors into developing more standards and it could be the main driver to better educate their workforce on security issues.

Schneier took it a step further, saying electronic devices, such as computers, PDAs and cell phones have too many features opening them up to cyberattacks. While consumers want more features, they're not necessarily using them and software developers and engineers are failing to make devices with security in mind, he said.

"Attacks are now targeting people rather than the syntax of the software," Schneier said.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy